AMENDMENTS TO THE SPECIFICATION:

Please amend the first paragraph on page 1 as follows: 

Security specification creation support device and method of security specification creation
support.

Please amend the fourth paragraph on page 1 as follows: 

The International Security Evaluation Standard ISO/IEC 15408 (CC: Common Criteria) is a
basis for the design and evaluation of the security function of IT (Information Technology) products.
In order to carry out development of products based on this ISO 15408 and to obtain
evaluation/certification thereof, it is necessary to create a security requirements specification (PP:
Protection Profile) or security design specification (ST: Security Target) specific to ISO 15408.
Hereinbelow, the security requirements specification and security design specification will be
referred to as security specifications. In the creation of such security specifications, there is the
problem that not only specialized knowledge of security in general and ISO 15408 is required but
also a detailed knowledge relating to the threats that are specific to the target product, examples of
counter-measures, know-how relating to security, as to what type of counter-measures are effective
against what type of threats, and specialized techniques relating to analysis tasks, such as risk
analysis. Also, in putting into practice the analysis task such as risk assessment, there is the problem
that, for example, an exhaustive analysis of threats and counter-measures, etc., and selection of
security requirements appropriate to the counter-measures is necessary and an enormous amount of
time is consequently required.

Please amend the second paragraph on page 2 as follows:

In the security design support tools described in CC ToolBox (tm) and "Security Design 
Evaluation Support Tools (V3.0) User Manual", Information-technology Promotion Agency 
Information-technology Security Center, May 2002, p. 2-69, a database is prepared in which there 
are recorded beforehand examples of various types of definition information such as threats or 
security objectives described in security specifications. Definition information
directly selected by the user from this database or definition information extracted from the database 
by user response to questions presented to the user is automatically entered at prescribed locations 
in the security specification. In this way, the burden of the user himself/herself arriving at definition 
information is reduced and automatic creation of security specifications in accordance with a 
prescribed form can be achieved. 

Please amend the third full paragraph on page 3 as follows: 

For example, a security specification creation support device according to the present
invention has a security specification example database in which existing security specifications are
registered as examples. A definition information acceptance unit accepts the definition
information of respective components constituting the information network system from the user.
A security specification selection unit looks up reusable examples from the security
specification example database using definition information of the component in question accepted
by the definition information acceptance unit in respect of the respective components. A
security specification draft creation unit creates a composite security specification draft in
respect of an information network system by entering the details of respective examples found by
the security specification selection unit in a prescribed form of security specification and accepts
revisions of the draft in question from the user.

Please amend the first full paragraph on page 4 as follows: 

The security specification selection unit, if at least one reusable example is detected from the 
security specification example database in respect of the respective components, causes a user to 
select an example for re-use from the detected examples and uses this selected example as a security 
specification draft for the component in question and accepts from the user revisions of this draft. 
However, if no reusable example is detected from the security specification example database,
the security specification selection unit creates a security specification draft of the respective
components by accepting from the user a security specification draft of the components. Also, the 
security specification draft creation unit may create the composite security specification draft by 
entering the details of the security specification draft of the respective components in the form of 
security specification. 

Please amend the fourth and fifth paragraphs on page 5 as follows: 

In Figure 3, section (A) exemplifies a layout 31 of a security specification (PP/ST) in
accordance with the International Security Evaluation Standard ISO 15408 and an example
statement 33 of various types of definition information. In Figure 3, section (B) shows an example
35 of a composite security specification. 

Please amend the twelfth paragraph on page 5 as follows: 

Figure 10(A) to Figure 10(D) show examples (A) to (D) of menu bars of a working screen
displayed on a display device 56 by a system configuration definition PG 5421.

Please amend the fourth full paragraph on page 9 as follows: 

In Figure 3, section (A) shows an example layout 31 of a security specification (PP/ST) in
accordance with the International Security Evaluation Standard ISO 15408 and an example
statement 33 of each type of definition information. As shown in the drawing, a security
specification in accordance with ISO 15408 is provided with a plurality of prescribed items
including a specification title 311, product name 312, TOE (Target of Evaluation) description 313, 
assumptions 331, organizational security policies 332, evaluation assurance level 333 and so on. A 
security specification in accordance with ISO 15408 specifies the layout of the table of contents and 
the descriptive details to be given in each item of the table of contents. Consequently, if it is 
possible to specify in which item of the table of contents the target information is to be found, the 
target information can be referred to as appropriate or extracted from the security specification. 

Please amend the first and second full paragraphs on page 10 as follows: 

In Figure 3, section (B) shows an example 35 of a composite security specification. As
shown in the Figure, the composite security specification is based on the International Security
Evaluation Standard ISO 15408. As described above, a system security specification draft 13 that
supports creation by the security specification creation support device 11 of the present embodiment
is constituted having a security specification draft 19 of each component that constitutes the system
16 to be designed and a composite security specification draft 18 of the system to be designed. A
composite security specification draft 18 is automatically generated such that the security
specification draft 19 of the components that are described corresponding to the security
environment description of the system to be designed and/or the security objectives for the system
to be designed, the security requirements and the descriptive details of the security specification
draft 19 of the components that are to realize the security function are referred to (reflected) therein.
In this way, the entire system is described without omission. In an example 35 of a composite
security specification, a composite security specification is created such that it is possible to identify
the portions (portions with underlining 351) where descriptive details of the security specification of
each component are referred to.

Figure 4 is a layout diagram of security specification creation support device 11 according to
this embodiment. As shown in Figure 4, the security specification creation support device 11
of this embodiment is implemented by a CPU 51 executing a communication control PG (program)
541 and a security specification compilation and support PG 542 loaded in memory 55 in an
ordinary computer system having a CPU 51, memory 52, an external storage device 54 such as an
HDD, a terminal input/output device 52 that presents information to a user and that accepts
information from a user through a display device 56 such as an LCD or CRT and input devices 57
such as a keyboard and mouse, a network IF (interface) device 58 for performing communication
through a network, a portable storage input/output device 59 that controls reading/writing of
portable media such as a CD-ROM, DVD-ROM, MO or floppy disk, and a bus 53 that mutually
connects these devices.

Please amend the first and second full paragraphs on page 18 as follows:

Figure 10 is a view showing exemplary states of a menu bar of a working screen
displayed on the display device 56 by the system configuration definition PG 5421. First of all, the
operating procedure and screen layout in S711 of Figure 8 (acceptance of definition information of
the system to be designed) will be described using Figure 10.

As shown in Figure 10, section (A), the system configuration definition PG 5421 displays as
the initial screen a specification editing screen 91. By operating the cursor (not shown) through an
input device 57, the user selects the item "TOE definition support" 9111 from the menu bar item
"Tools" 911; the TOE definition screen 92 that displays the system deployment tree (layer structure
of the system to be designed) specified by the definition information of the system to be designed
stored in the definition information storage region 554 of the system to be designed is then
displayed on the display device 56 through the terminal input/output device 52. To close this TOE
definition screen 92, as shown in Figure 10, section (B), the user may select the item "Close" 9211
from the menu bar item "File" 921. 

Please amend the first and second full paragraphs on page 19 as follows: 

In Figure 11, the nodes 9241 to 9243 with rectangular marks constitute domains. In the case
of the duty rota management system shown in Figure 2, these can be divided into three domains,
namely, the "Head Office site zone" domain 9241, "branch site zone" domain 9242 and "inter site
network" domain 9243. As shown in Figure 10, section (C), to add a domain, the item "Add
Element" 9222 is selected from the item "Edit" 922 of the menu bar on the TOE definition screen 92
by operating the cursor (not shown) through the input device 57, and further selecting the item
"Domain" 9223. In this way, the system configuration definition PG 5421 displays addition of a
new node with a rectangular mark, connected to the "TOE" node 9240 (S7111 of Figure 9).

Also, in Figure 11, the nodes 9244, 9245 with triangular marks are subsystems. In the case 
of the duty rota management system shown in Figure 2, for example the "typical user terminal" 
subsystem 9244 and "duty rota management server" subsystem 9245 belong to the "Head Office site 
zone" domain 9241. As shown in Figure 10, section (C), addition of a subsystem is performed by
operating the cursor (not shown) through the input device 57 so as to select the item "Add Element" 
9222 in the TOE definition screen 92 from the item "Edit" 922 of the menu bar and, furthermore, to 
select the item "Subsystem" 9224 and designate a node of the desired domain. In this way, the 
system configuration definition PG 5421 displays addition of a new node with a triangular mark 
connected to the node of the desired domain (S7113 of Figure 9). 

Please amend the paragraph bridging pages 19 and 20 as follows: 

Also, in Figure 11, the nodes 9246 to 9256 with the circle marks are components. In the 
case of the duty rota management system shown in Figure 2, for example the component 
"application layer" 9246, the component "browser for duty rota input" 9249, the component "mailer 
for receiving notifications" 9250, the component "OS layer" 9247, "terminal OS" 9251, the 
component "hardware layer" 9248, the component "AT compatible hardware" 9252 and "network 
card" 9253 belong to the "typical user terminal" subsystem 9244. It should be noted that, as shown 
in Figure 10, section (C), addition of a component is performed by operating the cursor (not shown)
through the input device 57 so as to select the item "Add Element" 9222 in the TOE definition
screen 92 from the item "Edit" 922 of the menu bar and, furthermore, to select the item
"Component" 9225 and designate the node of a desired subsystem or component. In this way, the
system configuration definition PG 5421 displays addition of a new node with a circle mark 
connected to the node of the desired subsystem or component (S7115 of Figure 9). 

Please amend the paragraph bridging pages 20 and 21 as follows: 

Also, as shown in Figure 10, section (C), when the user selects the item "Set Definition
Information" 9221 from the menu bar item "Edit" 922 in the TOE definition screen 92 by
designating the node of the domain displayed in the display frame 924 by operating the cursor (not
shown), the system configuration definition PG 5421 displays on the display device 56 through the 
terminal input/output device 52 the definition information of the domain in question that is stored in 
the definition information storage region 554 of the system to be designed and also displays the 
domain definition screen 93 for acceptance of revisions of the definition information of the domain 
in question. 

Please amend the second paragraph on page 22 as follows: 

Also, as shown in Figure 10, section (C), when the user designates a subsystem node
displayed in the display frame 924 by operating the cursor (not shown) and selects the item "Set
Definition Information" 9221 from the item "Edit" 922 of the menu bar in the TOE definition screen
92, the system configuration definition PG 5421 displays on the display device 56 through the
terminal input device 52 the definition information of the subsystem in question that is stored in the
definition information storage region 554 of the system to be designed and displays the subsystem
definition screen 94 for acceptance of revisions of the definition information of the subsystem in
question.

Please amend the first full paragraph on page 24 as follows:

Also, as shown in Figure 10, section (C), if, in the TOE definition screen 92, the item "Set
Definition Information" 9221 is selected from the item "Edit" 922 of the menu bar after specifying
the node of the component displayed in the display frame 924 by the user operating the cursor (not
shown), the system configuration definition PG 5421 displays definition information of the
component in question stored in the definition information storage region 554 of the system to be 
designed and displays the component definition screen 95 for acceptance of revisions of the 
definition information of the component in question on the display device 56 through the terminal 
input/output device 52. 

Please amend the third paragraph on page 27 as follows: 

As shown in Figure 10, section (D), when the user selects the item "component specification
draft creation" 9231 from the item "Tools" 923 of the menu bar in the TOE definition screen 92 by 
operating the cursor (not shown), the security specification selection PG 5422 executes S712 to 
S716 of Figure 8, with the respective components identified by the definition information of the 
system to be designed designated as noted components. 

Please amend the first paragraph on page 29 as follows: 

As shown in Figure 10, section (D), when the item "composite specification draft creation"
9232 is selected from the item "Tools" 923 of the menu bar in the TOE definition screen 92 by the
user operating the cursor (not shown), the security specification draft creation PG 5423 reflects the
details of the security specification draft of the components stored in the security specification draft
storage region 555 in the form of security specification that has been prepared beforehand and
thereby automatically creates a composite security specification draft in respect of the system to be
designed (S717 of Figure 8).